Added validation to detect duplicate users during registration
This commit is contained in:
Nanne Baars
parent
dc245bd1e7
commit
fbf2d1b422
@ -1,5 +1,6 @@
|
||||
package org.owasp.webgoat.users;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.validation.Errors;
|
||||
import org.springframework.validation.Validator;
|
||||
@ -9,10 +10,10 @@ import org.springframework.validation.Validator;
|
||||
* @since 3/19/17.
|
||||
*/
|
||||
@Component
|
||||
@AllArgsConstructor
|
||||
public class UserValidator implements Validator {
|
||||
|
||||
// @Autowired
|
||||
// private UserService userService;
|
||||
private final UserRepository userRepository;
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> aClass) {
|
||||
@ -23,9 +24,9 @@ public class UserValidator implements Validator {
|
||||
public void validate(Object o, Errors errors) {
|
||||
UserForm userForm = (UserForm) o;
|
||||
|
||||
// if (userService.findByUsername(userForm.getUsername()) != null) {
|
||||
// errors.rejectValue("username", "Duplicate.userForm.username");
|
||||
// }
|
||||
if (userRepository.findByUsername(userForm.getUsername()) != null) {
|
||||
errors.rejectValue("username", "username.duplicate");
|
||||
}
|
||||
|
||||
if (!userForm.getMatchingPassword().equals(userForm.getPassword())) {
|
||||
errors.rejectValue("matchingPassword", "password.diff");
|
||||
|
||||
@ -0,0 +1,62 @@
|
||||
package org.owasp.webgoat.users;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.owasp.webgoat.session.WebGoatUser;
|
||||
import org.springframework.validation.BeanPropertyBindingResult;
|
||||
import org.springframework.validation.Errors;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.Matchers.anyString;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class UserValidatorTest {
|
||||
|
||||
@Mock
|
||||
private UserRepository userRepository;
|
||||
|
||||
@Test
|
||||
public void passwordsShouldMatch() {
|
||||
UserForm userForm = new UserForm();
|
||||
userForm.setAgree("true");
|
||||
userForm.setUsername("test1234");
|
||||
userForm.setPassword("test1234");
|
||||
userForm.setMatchingPassword("test1234");
|
||||
Errors errors = new BeanPropertyBindingResult(userForm, "userForm");
|
||||
new UserValidator(userRepository).validate(userForm, errors);
|
||||
assertFalse(errors.hasErrors());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGiveErrorWhenPasswordsDoNotMatch() {
|
||||
UserForm userForm = new UserForm();
|
||||
userForm.setAgree("true");
|
||||
userForm.setUsername("test1234");
|
||||
userForm.setPassword("test12345");
|
||||
userForm.setMatchingPassword("test1234");
|
||||
Errors errors = new BeanPropertyBindingResult(userForm, "userForm");
|
||||
new UserValidator(userRepository).validate(userForm, errors);
|
||||
assertTrue(errors.hasErrors());
|
||||
assertThat(errors.getFieldError("matchingPassword").getCode()).isEqualTo("password.diff");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGiveErrorWhenUserAlreadyExists() {
|
||||
UserForm userForm = new UserForm();
|
||||
userForm.setAgree("true");
|
||||
userForm.setUsername("test12345");
|
||||
userForm.setPassword("test12345");
|
||||
userForm.setMatchingPassword("test12345");
|
||||
when(userRepository.findByUsername(anyString())).thenReturn(new WebGoatUser("test1245", "password"));
|
||||
Errors errors = new BeanPropertyBindingResult(userForm, "userForm");
|
||||
new UserValidator(userRepository).validate(userForm, errors);
|
||||
assertTrue(errors.hasErrors());
|
||||
assertThat(errors.getFieldError("username").getCode()).isEqualTo("username.duplicate");
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user